Cyber Security

There is no doubt that we are all vulnerable to cyber-attack. As with most criminal enterprises, identifying and exploiting the easiest way to your assets is the most common approach. If you continue reading, you will find nine things you can do to reduce your risk. Some are simply behavioral changes, most are easy to implement and cost nothing, and every one will make you more secure. Here are the steps you can take to reduce your exposure.

1) Turn on your firewall and install decent anti-virus and malware protection. Both Macs and PCs have protection built in. On occasion it causes inconvenience; live with that and enable both, then select a reputable anti-virus program and install it. A couple of our favorites are AVG and Avast. Both offer free versions (start there, and if you like it, upgrade to the paid version). Another great tool is Malwarebytes, also available in a free version; it’s very effective at finding and removing malware. Make sure to go to the manufacturer’s site for the download and avoid third-party downloads: while some are safe, others are booby traps.

2) Keep your operating system and browser current – most updates are distributed to patch security vulnerabilities, but they only work if you update.

3) Change your passwords – this is perhaps the most tedious of all exercises, so people don’t do it. Either create unique, long (20 characters is preferred) passwords that aren’t words or phrases, or consider using a password vault that will create randomly generated, extremely strong passwords for all of your accounts and give you access with a single password of your choosing. Depending on the number of online accounts you have, setup can take some work, but it’s so much safer than using the same password for everything, or writing them all down and saving the document on your computer or phone. We like LastPass and 1Password. Then consider your internal passwords for your router, Wi-Fi, security cameras, etc. All the “Internet of Things” devices in your home are vulnerable if they are left with the default password; change them.

4) Go slow and avoid phishing, an extremely common tactic executed through email, pop-ups, compromised websites or spoofed websites. The objective is to trick you into providing login or personal information (SSI, account numbers, etc.) by pretending to be an organization that you have a relationship with. For example, you receive an email from your bank that says “it’s critical that you update your account information in the next 24 hours or the account will be locked down” and then provides a link to do that. The email looks very official, and it’s easy to fall for this. It’s also easy to avoid. First, know that it’s extremely uncommon (and poor practice) for legitimate businesses to ask for sensitive information in this manner. Look very carefully at the sender’s address by hovering over the name as displayed. If it doesn’t end in the business’s standard address, it’s fake. “Undisclosed recipients” in the To: field is also a red flag. If you do click through to the site, look closely at the URL (web address): it needs to start with HTTPS:// and then end with the legitimate business’s URL. Look closely. If there is any doubt, call the real customer service number. Another trick is to spoof a legitimate website. We’ve all misspelled the web address of the bank or business that we intend to visit. Criminals know that, and they purchase the most commonly misspelled names and direct the unsuspecting victim to a fake site that looks real, entice you to log in, then capture your info and use it to steal from you. Use the same practice as shown above. Look closely at the web address, and if it’s sketchy, run.

5) Be cautious of pop-ups – you may have had a page pop up that says your computer is at risk or performing poorly, and that if you simply click here or call this number they can provide remote support to resolve the issues. They usually try to make you believe they are Apple, Microsoft, Dell or whoever. They are almost always illegitimate.

6) Subscribe to a service that monitors your sensitive information and alerts you to potential identity theft. If you haven’t been a victim, someone you know has. The most well-known of these services is LifeLock.

7) Back up your data. Ransomware that attacks businesses and individuals is pervasive. The attack comes through malware. With the knowledge that no security measures make you impervious to attack, the next best thing is to be able to recover to your “pre-infected” condition. That’s accomplished by backing up your computer, which is also a hedge against equipment failure. For some, iCloud or Microsoft Cloud is sufficient. For a more comprehensive approach, consider a service like Carbonite.

8) Stay off public networks in airports, coffee shops, hotels, etc. Use your phone or other LTE device as a hotspot instead. Your data is particularly vulnerable on open or public networks.

9) Take it to the next level – the first eight steps are relatively easy and very cost-effective measures that will go a long way towards protecting you. If you want to take it further, employ an expert to install and configure a hardware firewall that is actively managed, and consider remote system monitoring and management for all your IP devices. This brings a trusted support team into the mix to drive firmware patches and ensure that your systems are online and operational at all times.

The internet is a dangerous place, and increasingly we live and conduct business online. Criminals are very aware, and this era is perhaps the easiest they have had it since the dark ages. Following the few simple steps shown above can save you from being a victim.
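The link checks from step 4, written out as an added example that is not part of the original article: it requires HTTPS, treats anything before an "@" as a warning sign, matches the host against the right-hand end of a trusted domain, and flags near-misspellings. The domain bank.example, the function names and the two-typo threshold are assumptions made for the illustration.

```javascript
// Constructed allowlist: bank.example stands in for the business you really use.
const TRUSTED_DOMAINS = ["bank.example"];

// Levenshtein edit distance, used to spot misspelled look-alike domains.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns "ok" or a "reject: ..." reason for a link found in an email or page.
function checkLink(link, trusted = TRUSTED_DOMAINS) {
  let url;
  try {
    url = new URL(link);
  } catch (err) {
    return "reject: not a valid URL";
  }
  if (url.protocol !== "https:") return "reject: not HTTPS";
  // Anything before "@" is a username, not the site; the real host follows it.
  if (url.username || url.password) return "reject: credentials in URL";
  const host = url.hostname.replace(/\.$/, "");
  for (const domain of trusted) {
    // The host must be the domain itself or end with "." + domain.
    if (host === domain || host.endsWith("." + domain)) return "ok";
  }
  for (const domain of trusted) {
    // Compare the host's rightmost labels with the trusted domain.
    const tail = host.split(".").slice(-domain.split(".").length).join(".");
    // Assumed threshold: up to two typos counts as a look-alike.
    if (editDistance(tail, domain) <= 2) return "reject: look-alike of " + domain;
  }
  return "reject: unknown domain";
}
```

A host such as bank.example.secure-login.test starts with the trusted name but is rejected, because only the right-hand end of the host identifies the site.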